SQL injection (also known as SQL fishing) is a
technique often used to attack data-driven applications.

This is done by including portions of SQL
statements in an entry field in an attempt to get the website to pass a
newly formed rogue SQL command to the database (e.g., to dump the database
contents to the attacker). SQL injection is a code injection technique that
exploits a security vulnerability in an application's software.

The vulnerability occurs when user input is
either incorrectly filtered for string literal escape characters embedded in
SQL statements, or is not strongly typed and is unexpectedly
executed. SQL injection is mostly known as an attack vector for websites but
can be used to attack any type of SQL database.

What is a Man-In-The-Middle attack?

A man-in-the-middle attack can take many
forms. The most common form is active network eavesdropping, in which
the attacker is able to obtain authentication credentials (username, password,
session ID, cookie information, etc.).

What is cURL?

cURL stands for "Client URL Request Library".

This is a command line tool for getting or
sending files using URL syntax.

Burp Suite is a Java application that can
be used to secure or crack web applications. The suite consists of
different tools, such as a proxy server, a web spider, an intruder and a
so-called repeater, with which requests can be automated.

When Burp Suite is used as a proxy server
and a web browser is configured to use that proxy, it is possible to control
all traffic exchanged between the web browser and web
servers. Burp makes it possible to manipulate data before it is sent to
the web server.

What is Cookie Manager+?

A cookie manager to view, edit and create new
cookies. It also shows extra information about cookies, allows editing multiple
cookies at once, and can back them up and restore them.

We will use the same SQL Injection
Vulnerabilities from the
Previous Lab.

We will capture the encoded form POST
DATA submissions with Burp Suite.

Then we will use the captured POST DATA
to launch the SQL Injection using curl. This is to illustrate
how unfortunately easy it would be to automate an SQL Injection
Attack.

Finally, we will use the cookies from a
successful SQL Injection to authenticate into Mutillidae without a
password. Note that this is one of many forms of
man-in-the-middle attack.
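The lab captures the URL-encoded login POST body in Burp's history. As an added example (not part of the lab page or of Mutillidae), the following decodes such a body the way a log-review script or a simple WAF rule would, and flags fields that carry SQL-injection indicators. The captured body is constructed for this example, and the form field names in it are assumptions, not values taken from the page.

```python
"""Added example, not from the lab page: decode a captured
application/x-www-form-urlencoded login POST body (as Burp shows it) and flag
fields carrying SQL-injection indicators. The body and field names below are
constructed/assumed for this example, not copied from Mutillidae."""
import re
from urllib.parse import parse_qs

# Constructed sample: the lab's payload  ' or 1=1--  url-encoded in the
# username field ('+' is a space, %27 is a quote, %3D is '=').
CAPTURED_BODY = "username=%27+or+1%3D1--+&password=&login-php-submit-button=Login"

# Indicators a reviewer would look for in logged form data. Kept deliberately
# narrow: a quote followed by OR/AND, an always-true comparison, or a SQL
# comment opener. Tune before using on real traffic; '#' is omitted because it
# is common in legitimate passwords.
INDICATORS = [
    ("quote-then-boolean", re.compile(r"'\s*(or|and)\b", re.IGNORECASE)),
    ("tautology", re.compile(r"\b(\w+)\s*=\s*\1\b")),
    ("sql-comment", re.compile(r"(--|/\*)")),
]


def decode_body(body):
    """Return the form fields as a dict of single string values.
    keep_blank_values keeps the empty password field visible."""
    fields = parse_qs(body, keep_blank_values=True)
    return {name: values[0] for name, values in fields.items()}


def flag_injection(fields):
    """Return (field name, indicator label) pairs for every match."""
    findings = []
    for name, value in fields.items():
        for label, pattern in INDICATORS:
            if pattern.search(value):
                findings.append((name, label))
    return findings


if __name__ == "__main__":
    decoded = decode_body(CAPTURED_BODY)
    for name, value in decoded.items():
        print(f"{name!r} -> {value!r}")
    for name, label in flag_injection(decoded):
        print(f"indicator {label} in field {name!r}")
```

Running it prints the decoded fields and three indicators, all against the username field; the empty password field and the submit button value produce none. The trailing space after `--` survives decoding, which matters because MySQL only treats `--` as a comment when it is followed by whitespace.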

Legal Disclaimer

As a condition of your use of this Web
site, you warrant to computersecuritystudent.com that you will not use
this Web site for any purpose that is unlawful or
that is prohibited by these terms, conditions, and notices.

In accordance with UCC § 2-316, this
product is provided with "no warranties, either express or implied." The
information contained is provided "as-is", with "no guarantee of
merchantability."

In addition, this is a teaching website
that does not condone malicious behavior of
any kind.

You are on notice that continuing
and/or using this lab outside your "own" test environment
is considered
malicious and is against the law.

Search for a username that is either
equal to nothing OR where 1 is equal to 1. So, we created a
condition that is always true (OR 1=1). The "-- " string (two dashes
followed by a space) is a comment in SQL. We used this trick to
comment out the rest of the SQL query (AND password=''), which
eliminates the password authentication.

SELECT * FROM accounts WHERE username='' or 1=1-- ' AND password=''
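The query above is what Mutillidae's login builds when the username field is concatenated straight into the SQL text. As an added example (not code from the lab page or from Mutillidae), the following runs that concatenated query against an in-memory SQLite table next to the same lookup with bound parameters, so the effect of the page's `' or 1=1-- ` payload, and of the fix the SQL injection definition at the top of the page implies, can be seen offline. The accounts rows are constructed; plaintext passwords only mirror the lab's query shape.

```python
"""Added example, not from the lab page: the lab's authentication query built
by string concatenation next to the same lookup with a bound parameter, run
against an in-memory SQLite table. Rows and passwords are constructed; real
applications store password hashes, not the plaintext used here to match the
lab's query."""
import sqlite3

# The page's payload. The trailing space matters: MySQL treats '--' as a
# comment only when whitespace follows it.
PAYLOAD = "' or 1=1-- "


def make_db():
    """Constructed accounts table with two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("admin", "adminpass"), ("john", "monkey")])
    return conn


def login_concatenated(conn, username, password):
    """Vulnerable: user input becomes part of the SQL statement text, so the
    quote closes the literal and '--' comments out the password check."""
    query = ("SELECT username FROM accounts WHERE username='" + username +
             "' AND password='" + password + "'")
    return [row[0] for row in conn.execute(query)]


def login_parameterized(conn, username, password):
    """Fixed: the values travel separately from the statement, so the quote,
    'or 1=1' and '--' are compared as data against the username column."""
    query = "SELECT username FROM accounts WHERE username=? AND password=?"
    return [row[0] for row in conn.execute(query, (username, password))]


if __name__ == "__main__":
    db = make_db()
    print("concatenated, payload :", login_concatenated(db, PAYLOAD, ""))
    print("parameterized, payload:", login_parameterized(db, PAYLOAD, ""))
    print("parameterized, john   :", login_parameterized(db, "john", "monkey"))
```

With the payload in the username field the concatenated version returns every account (the first row is what a login page would then treat as the logged-in user), while the parameterized version returns nothing and still authenticates a real username/password pair.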

View Post Data (With Burp Suite)

Instructions:

Click on the Proxy Tab

Click on the History Tab

Click on the line that contains --> /mutillidae/index.php?page=login.php

Notice you will be automagically logged
in without a password. For this reason, it is extremely
important that (1) session information is encrypted in transit and (2)
users log out after they finish their session.
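Both of those points can be checked in code. As an added example (not from the lab page, and not how Mutillidae or PHP implement sessions), the following is a minimal server-side session store: a captured session ID authenticates until the user logs out or the session expires, after which replaying it returns no user. It also builds the `Set-Cookie` header with the `Secure` and `HttpOnly` attributes that keep the ID off the wire in the clear and away from page scripts. The cookie name `SESSIONID`, the class and function names, and the 15-minute lifetime are this example's own assumptions.

```python
"""Added example, not from the lab page: a server-side session store showing
that a captured session cookie stops working after logout or expiry, plus the
cookie attributes that protect the session ID in transit. Names (SessionStore,
build_set_cookie, SESSIONID) and the lifetime are assumptions of this example."""
import secrets
import time
from http.cookies import SimpleCookie

COOKIE_NAME = "SESSIONID"   # assumed name; the lab's application uses its own


class SessionStore:
    def __init__(self, ttl_seconds=900):
        self._sessions = {}   # session id -> (username, expiry timestamp)
        self.ttl = ttl_seconds

    def login(self, username):
        # Random, unguessable ID; never derived from the username or time.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (username, time.time() + self.ttl)
        return sid

    def user_for(self, sid, now=None):
        """Return the username bound to sid, or None if unknown or expired.
        'now' can be supplied to test expiry without waiting."""
        now = time.time() if now is None else now
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        username, expiry = entry
        if now >= expiry:
            self._sessions.pop(sid, None)   # lazy cleanup of expired sessions
            return None
        return username

    def logout(self, sid):
        # Server-side invalidation: a copied cookie is useless from here on.
        self._sessions.pop(sid, None)


def build_set_cookie(sid):
    """Set-Cookie value with Secure (HTTPS only), HttpOnly (no script access)
    and SameSite=Lax (not sent on cross-site POSTs)."""
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = sid
    cookie[COOKIE_NAME]["secure"] = True
    cookie[COOKIE_NAME]["httponly"] = True
    cookie[COOKIE_NAME]["samesite"] = "Lax"
    cookie[COOKIE_NAME]["path"] = "/"
    return cookie.output(header="").strip()


def replay_after_logout(store, username="admin"):
    """Simulate a captured cookie: valid before logout, rejected after."""
    sid = store.login(username)
    before = store.user_for(sid)
    store.logout(sid)
    after = store.user_for(sid)
    return before, after


if __name__ == "__main__":
    store = SessionStore()
    print("replay before/after logout:", replay_after_logout(store))
    print(build_set_cookie(store.login("john")))
```

The store is deliberately server-side: an attacker who captured the cookie cannot extend or revive a session the user has ended, which is exactly why the lab's cookie replay depends on the victim never logging out.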

Instructions:

http://192.168.1.111/mutillidae/index.php

Section 17: Proof of Lab

Proof of Lab (on a BackTrack Terminal)

Instructions:

cd /root

ls -l login*

cat crack_cookies.txt

date

echo "Your Name"

Replace the string "Your Name" with
your actual name.

e.g., echo "John Gray"

Proof of Lab Instructions

Press both the <Ctrl> and <Alt> keys at
the same time.

Do a <PrtScn>

Paste into a word document

Upload to Moodle
